Passwords, pin codes, and security

I recently went to visit a friend in a secure building. He didn’t answer his phone when I called from the front door to let me in, but the building had a keypad entrance system.  After a few repeated attempts, I was able to find the correct key code and let myself into the building. When I got to his front door, he was a bit upset that I was able to “hack” into his building. I said it’s pretty easy to figure out PIN codes and passwords because people pick easy to remember numbers, words and patterns. Most of the time you just try the most obvious options first, and you can guess the security code.

In research done by DataGenetics.com in 2012, of the 3.4 million accounts they looked at, 11% of people had the PIN code 1234. Over 6% had 1111 and almost 2% had 0000. Given that knowledge, trying only 3 PIN codes gives me about a 20% chance of guessing someone’s personal PIN code.

Passwords for computers, emails, and online accounts are not much different.  Every year hackers post online usernames and passwords they have harvested. SplashData, a password management company, compiles a list of the most common passwords of the year. In 2013 the top three passwords were 123456, password and 12345678. Other common passwords included phrases like amazon, adobe, password1 and one of my favorites: trustno1.

Since most sites require usernames and passwords for access, and our brains are not designed to hold 50 different complex unreadable passwords, many of us have opted to make them easy to remember. Unfortunately, an easy password to remember is an easy password to hack. Below are a couple of things to consider when you create PIN codes and passwords to help make them more secure.

PIN codes

  1. Select PIN codes that are random and have no association to you. For example a PIN code of 3976 is much better than a birth year of say 1960. If I know the year you were born, I would make that a PIN code to try.
  2. Select a PIN code that is not an easy visual pattern on a keypad. DataGenetics found 2580 was the 22nd most popular PIN code because it is the numbers down the center of the keypad on your phone.  The code 1397 is an easy guess as well because it is the corners for the phone keypad going clockwise.
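
The two rules above can be turned into a check that a keypad or banking system runs when someone chooses a PIN. This is an added example, not part of the original post; the function name, the `personal_numbers` parameter and the 1900-2099 year range are assumptions made for illustration.

```python
# Phone keypad position (row, column) of each digit.
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2),
          "0": (3, 1)}


def weak_pin_reasons(pin, personal_numbers=()):
    """Return the reasons a 4-digit PIN is easy to guess (empty list = none found).

    personal_numbers is a hypothetical parameter: digit strings tied to the
    owner, such as a birth year or house number.
    """
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly four digits")
    reasons = []
    digits = [int(c) for c in pin]

    if len(set(pin)) == 1:
        reasons.append("same digit repeated")        # 1111, 0000
    elif pin[:2] == pin[2:]:
        reasons.append("repeated pair")              # 1212

    # Constant step between digits: 1234 (+1), 4321 (-1), 2468 (+2).
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if len(steps) == 1 and steps != {0}:
        reasons.append("counting sequence")

    if 1900 <= int(pin) <= 2099:
        reasons.append("looks like a year")          # 1960
    if pin in personal_numbers:
        reasons.append("associated with the owner")

    # Visual patterns: every key press moves to a neighbouring key (2580),
    # or the PIN is the four keypad corners in any order (1397).
    keys = [KEYPAD[c] for c in pin]
    moves = [(abs(r2 - r1), abs(c2 - c1))
             for (r1, c1), (r2, c2) in zip(keys, keys[1:])]
    if all(max(move) == 1 for move in moves):
        reasons.append("adjacent-key path on keypad")
    if set(pin) == set("1379"):
        reasons.append("keypad corners")
    return reasons


if __name__ == "__main__":
    # The PINs mentioned in this post.
    for pin in ("1234", "1111", "0000", "2580", "1397", "1960", "2468", "3976"):
        print(pin, weak_pin_reasons(pin) or "no obvious pattern")
```

An empty result only means none of these patterns matched; a PIN picked at random is still the safer choice.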

Passwords

  1. Avoid using any part of your login or the site name in your password. If your login to amazon.com is joe.example@fakeemail.com don’t make your password joe123 or Amazon1.
  2. Have a different password for every site. I know this can be a big pain, but if a hacker steals your password at one site, they won’t be able to use it at a different site. Imagine if your password was compromised at some site you used three years ago once, and you only use one password. How many sites do you have to update? How much of your data would be at risk (banking, shopping, investment, email)? With a unique password at each site you can reduce your risk.
  3. Try to use a random password. A password like Fj%9cX44 is much better than F00tballs. While F00tballs has the normal 8 character limit with numbers and upper/lower case letters, hackers are getting smarter and computers are getting faster so simple character substitutions are still risky.
  4. Use an uncommon phrase. For a while, people suggested using a simple phrase such as “ILikeSchool.” However, as hacking has improved, many security experts now recommend that you use nonsensical sentences as passwords. A phrase such as “eat_baseball_Yards” or “doughnuts around circles” is more difficult to breach.
  5. Try using unique logins for various accounts. If possible, I like to have a login that is unique at each site. Also, if it requires an email address, I like to have a few email accounts I can use for different sites. You can easily sign up for multiple Gmail, Hotmail or Yahoo email accounts.
  6. Use a password management program. If it is really hard to remember all those passwords, there are several programs out there that will securely store your passwords. These programs will store your usernames and passwords and log you into the website automatically. A quick search for Password Manager in Google or Bing will get you on your way.
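
As an added example (not part of the original post), the sketch below checks a password against rules 1, 3 and 4 and generates a random password or phrase for each site. The function names, the substitution table and the two short sample word lists are assumptions made for illustration; a real word list would hold thousands of words.

```python
import re
import secrets
import string

# The most-common passwords named in this post (SplashData, 2013).
COMMON = {"123456", "password", "12345678", "amazon", "adobe", "password1", "trustno1"}
# Undo simple look-alike substitutions (0 -> o, 3 -> e, ...) so "F00tballs" reads "footballs".
UNSUBSTITUTE = str.maketrans("013457@$", "oleastas")
IGNORED_TOKENS = {"www", "com", "net", "org"}
# Constructed sample lists, far too short for real use.
SAMPLE_DICTIONARY = ["football", "baseball", "school", "doughnut"]
SAMPLE_WORDLIST = ["anchor", "velvet", "cactus", "ribbon", "walnut", "lantern", "pickle", "orbit"]


def password_problems(password, login, site, dictionary=SAMPLE_DICTIONARY):
    """Return reasons a password is guessable for this login and site (empty list = none found)."""
    problems = []
    plain = password.lower().translate(UNSUBSTITUTE)
    if password.lower() in COMMON:
        problems.append("on the most-common list")
    # Rule 1: no part of the login or the site name, even with substitutions.
    for source, label in ((login, "login"), (site, "site name")):
        for token in re.split(r"[^a-z0-9]+", source.lower()):
            if (len(token) >= 3 and token not in IGNORED_TOKENS
                    and token.translate(UNSUBSTITUTE) in plain):
                problems.append(f"contains part of the {label}: {token}")
    # Rule 3: one dictionary word dressed up with digits or symbols.
    core = re.sub(r"[^a-z]", "", plain)
    if any(core in (word, word + "s") for word in dictionary):
        problems.append("single dictionary word with simple substitutions")
    return problems


def random_password(login, site, length=16):
    """Generate a random password for one site, retrying until it passes the checks."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate, login, site):
            return candidate


def random_passphrase(wordlist=SAMPLE_WORDLIST, words=4, separator="_"):
    """Rule 4: an uncommon phrase built from randomly chosen words."""
    return separator.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    login, site = "joe.example@fakeemail.com", "amazon.com"
    for candidate in ("joe123", "Amazon1", "F00tballs", "trustno1", "Fj%9cX44"):
        print(candidate, password_problems(candidate, login, site) or "no problems found")
    print(random_password(login, site), random_passphrase())
```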

As I said above, I don’t think we were meant to remember so many sites, logins and passwords stored in our brains. Writing it down on a piece of paper is just asking for trouble. And storing them in an Excel spreadsheet isn’t any better. There is hope on the horizon. As we work with biometric systems for voice and visual recognition we soon might be able to have our image and voice as our PIN code. We might be able to use a fingerprint and say our name to get in our email. No longer will we need to store all these random phrases, we will only need to remember our name. Oh, and the code to my friend’s building was 2468.


Getting debt under control

I recently had the good fortune of being featured in this article which appeared on the front page of the Seattle Times Business section, and I want to share it with you.

A.J. and Amy are a young couple burdened by debt who did not have the resources to pay for a financial planner. The Seattle Times reached out to me through my affiliation with the Puget Sound Financial Planning Association and asked if I would build them a plan. After several meetings we were able to identify and build a plan around their short and long term goals. I am thrilled to report that they feel like they are finally in control of their debt and retirement savings. Most importantly, they have developed peace of mind around their finances.

Please keep in mind that no two investors are alike; the article referenced above is a specific recommendation based on A.J. and Amy’s personal finances. If you would like to give the gift of financial peace of mind, I am always more than happy to help your friends and family develop their own personal plan.


Protecting yourself against electronic wire fraud

It seems like every year thieves become more creative in finding new ways to steal. A disturbing new trend is directly targeting financial advisors and their clients. Financial institutions are seeing a noticeable increase in attempts at fraudulent wire transfers by email “spoofing,” where an email request appears to be sent from the client, but is actually from a fake-but-similar email account (or sometimes it’s the client’s actual account).

Think, for a minute, about the emails you have sent to your advisor. If your email account was hacked, the hacker would have access to all of those emails in your sent folder. They could easily send an email (from “you”!) to your advisor requesting a fund transfer to a third-party bank account, along with convincingly forged letters of authorization. If you’ve ever emailed a scanned copy of something you’ve signed, they have access to your signature too. By the time someone realizes the request is fraudulent, it is often too late. The money is already gone, the transfer cannot be unwound, and the wire fraud theft is complete.

It is our policy to never accept instructions like this via e-mail, but in response to this increased risk, we have trained our employees to identify warning signs of electronic wire fraud attempts. We have also reviewed and improved our procedures to verify a wire transfer request is legitimate before acting on it, particularly in scenarios where the transfer is going to a third party.

However, it’s important to take steps to make sure your information is secure and avoid the possibility of this type of fraud altogether. We use www.box.com to securely share files with our clients and keep that sensitive information out of your inbox.

Just to be safe, here are some tips on how you can help protect your email accounts from being hacked:

  1. Make sure to use secure complex passwords. We recommend choosing a password with a minimum of 8 characters, including upper & lower case letters, numbers and symbols.
  2. Don’t use the same passwords on multiple accounts. If you get hacked in one, they have access to everything.
  3. Use double authentication if possible. This requires you to enter an extra code when logging in from an unrecognized IP address. Google’s 2-step verification is one example.
  4. If you get email on your smart phone, make sure the phone is password protected.
  5. Beware of storing documents in your email that contain your signature, social security number, or other non-public personal identifying information. If your account gets hacked, the thief will have everything they need to steal your identity.
  6. Don’t ignore signs that your email account has been hacked, like finding emails you didn’t send in your ‘sent’ folder, or hearing from your friends that they’ve received spam from your email address.
  7. If you do get hacked, be sure to change your passwords immediately! Also call your financial institutions to make sure your accounts have not been compromised.

Have you written your letter of instruction?

Maybe you’ve heard of this before. A letter of instruction is a document you write to your executor and family that contains your personalized wishes and instructions for settling your estate. Although it does not carry any legal authority, a letter of instruction can be used to provide tremendous added detail about your financial affairs that doesn’t fit within a will or trust.

One of the most important purposes of a letter of instruction is to lead the person in charge of settling your estate through the process step by step. A good letter of instruction should contain the following:

  • Detailed list of your assets and belongings.
  • Copy of your monthly budget.
  • Login ID and password list.
  • Contact information for financial professionals and beneficiaries.
  • Location of important documents such as the will, trust, deeds, birth certificate, tax returns, bank statements, bills, life insurance, etc.
  • Creditor statements for any mortgages, credit cards or other loans.
  • Location of keys for house, auto or safe deposit box.

A key function of the letter of instruction is to specifically indicate which household belongings go to which heirs. Your will and/or trust will generally only address big ticket items. Through the letter you can decide who receives the family albums, the silverware, stamp collection, artworks or family knickknacks. Providing clear guidance can keep your family from devolving into arguments and resentment when emotions and grief run high.

Burial Arrangements

You can also use a letter of instruction to tell your family how and where you would like to be buried or cremated. You can be as elaborate as you desire. If you want, you can choose funeral readings, pick your flowers, charitable donations, etc. You can even prewrite your own obituary here, so be creative. Whatever your desires, putting your wishes in writing will help reduce guesswork and potential arguments among those who will handle these arrangements when the time comes.

Other Advantages

If desired, you may use the letter of instruction to voice personal requests and your expectations for how your heirs use their inherited assets. After all, these were your possessions! Some people also include their personal values, in a section known as the “ethical will,” which allows you to pass your core values and beliefs down to your family and beneficiaries.

Another benefit of this letter is that you can augment your living will with regard to end of life care, providing more detail about the circumstances under which you want to be kept alive or taken off of life support. This can be very helpful in reducing stress or uncertainty for your family if the health care directive or living will lacks this detail.

Conclusion

Remember, a letter of instruction does not replace a will, durable power of attorney or living will. If you don’t already have these documents in place, you should have them drawn up by a qualified estate planning attorney. A letter of instruction can be a fantastic tool to articulate your final wishes and decisions for your executor and heirs. Be sure to update it periodically and file it along with your other estate planning documents. At its heart, the letter of instruction is a last gift of your voice that you leave to your family, so make it count.


Go fishing, not phishing!

If you use email, you are under constant attack. Every ploy imaginable is being used against you in attempts to get you to open an email that has the goal of connecting you with a website to enter your account number and password information. This “phish” email will look very official, be urgent in nature, and connect you to an official-looking website. Don’t take the bait!

One scheme sends you an email stating that your credit card or bank account at Bank XYZ is going to be closed immediately unless you reset your password by clicking on the attached link. The link will take you to a very official looking Bank XYZ website where you are instructed to type in your current account number and password. They now have your login information and can access your real account directly. Keep this in mind: Banks and other financial organizations will not ask you to provide account and password information via an email. Common scams include more than just trying to get your banking information; be on the lookout for wire transfer requests from friends stuck overseas, lottery winnings, investment schemes, fake checks and pretty much anything related to money.

For a long time we thought it was safe to click links and attachments from people we know, but hackers have gotten much more sophisticated and now use your friends’ email names and addresses that have been harvested from social media or malware. By using the email addresses and names of people you know, they increase the chance that you will open those emails. The links and attachments can often lead to software that will attempt to infect your computer with malware or take you to a bad site. So always use extra caution when you get an email asking you to provide any type of personal information.

How do you protect yourself? First, don’t give out personal information that is requested in an email. Also make sure that the address in the browser matches where you think you should be. If you expect to be at www.paypal.com and the browser says you are at www.stealingyourmoney.com you should leave that site immediately. Of course, it’s not always quite so obvious. But if you look closely, you’ll often be able to detect a discrepancy in the web address.
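
The address comparison described above can also be done by a mail filter or a script before anyone clicks. This is an added example, not part of the original post; the function names and the sample message are constructed for illustration, and the two site names are the ones used in the paragraph above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample message, not a real email.
SAMPLE_EMAIL = """\
Your account will be closed unless you reset your password today:
https://www.stealingyourmoney.com/paypal.com/reset
Questions? Visit https://www.paypal.com/help
"""


def address_discrepancies(url, expected_domain):
    """Compare the address actually shown with the site you meant to visit.

    Returns a list of discrepancies; an empty list means the host matches.
    """
    expected = expected_domain.lower().strip(".")
    if expected.startswith("www."):
        expected = expected[4:]
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    found = []
    if parts.scheme != "https":
        found.append("not an https address")
    if not host:
        found.append("no host name in address")
        return found
    # Only the host counts: it must be the expected domain or a subdomain of it.
    if host != expected and not host.endswith("." + expected):
        found.append(f"host is {host}, not {expected}")
        # The familiar name showing up elsewhere in the address is the
        # kind of discrepancy that is easy to miss at a glance.
        if expected in url.lower():
            found.append("expected name appears in the address but is not the host")
    return found


def suspicious_links(text, expected_domain):
    """Return {url: discrepancies} for every link in text that fails the check."""
    flagged = {}
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        url = url.rstrip(".,;)")
        problems = address_discrepancies(url, expected_domain)
        if problems:
            flagged[url] = problems
    return flagged


if __name__ == "__main__":
    for url, problems in suspicious_links(SAMPLE_EMAIL, "www.paypal.com").items():
        print(url, problems)
```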

You should always make sure your computer and devices are patched and up-to-date with the latest security updates. Most major software companies update their software on a regular schedule to help keep security issues down, so don’t avoid those update notifications. Use a firewall and anti-virus software, which will do a good job of keeping a lot of malicious items at bay. Most Internet browsers have pop-up blockers that can help reduce your risk as well. Finally, if you are unsure if the email is real, call the person who sent it to you and ask them about it.

In the end, you are the last line of defense. Always be skeptical of things that don’t seem quite right. While in the real world it may be admirable to trust the good intentions of others, things are not always what they seem in the online world, and it is best to have your best defenses forward.


Spring cleaning: 10 ways to freshen up your financial situation

After cleaning the garage, packing away your winter clothes and cleaning the windows, turn your spring cleaning efforts to your finances. Here are ten ideas to freshen up your financial situation:

  1. Reduce paper: Most banks, brokerages, credit cards, and utilities offer online delivery and storage of statements and bills. Sit down with your paper statements and see how many you can move to online. You will save the time spent opening mail, remove clutter and help the environment.
  2. Pay your bills online: Sign up for an online bill payment service if you don’t already. Set up automatic payments for recurring bills.
  3. Purge: Get a good shredder and use it aggressively. You really don’t need the water bill from two years ago. Purge! This can also help reduce your risk of identity theft.
  4. Eliminate redundancies: Eliminating clutter is not only about getting rid of paper; identify what accounts are redundant and can be combined and/or closed.
  5. Organize: Get a label maker and create a small, efficient filing system.
  6. Reduce costs: Review bills you get from cable and phone companies, because when contracts expire they may revert to higher charges. Give them a call and you’ll be surprised how easy it is to have your rates reduced.
  7. Check your coverage: Review your insurance coverage to make sure that it is appropriate for you.
  8. Compare interest rates: Make sure your banks and credit cards are competitive for their fees and interest rates.
  9. Track your goals: Create easy-to-use systems for tracking your big picture goals, including a simple budget, college savings, and retirement.
  10. Think about getting help: Identify what areas you may need professional help, and create a plan to interview candidates.


Are you making these mistakes with your car insurance?

Insurance can seem like a nasty word, and I’ve found that most of us would rather not talk about it. However, it’s all about protecting and preserving your assets. Our job is to help our clients grow their wealth so they can achieve all that is important to them. However, we’d be foolish if we neglected to also help them mitigate risks that could eat away at all their hard work.

When it comes to car insurance, I’ve found a few common mistakes.

Too little insurance

Many states require all drivers to maintain a minimum level of coverage in order to drive legally. Some states even require a minimum level of coverage for medical or personal injury. This is just a minimum standard and is often not even enough to cover the average cost of repair from an accident. In every accident, the human body is the weakest link in the chain and the one at greatest risk of injury. Cars are a fixed cost to repair – you know how much a BMW will cost to repair or replace, whereas we don’t know how much it will cost to save or repair a human body.

Rather than getting the minimum, consider carrying coverage based upon the car you drive, and more importantly, the cost of the other cars on the road.

Too much insurance

Every once in a while, I run across a situation where someone has purchased higher limits of coverage. Usually this person is terrified of the risks that exist in the world and will pay absolutely anything to protect themselves. As a result, they often have excess liability or umbrella insurance coverage, which is usually a very wise investment.

This additional insurance is fantastic, and something that I suggest for almost everyone. However, they might be paying more for auto insurance coverage that they just don’t need. If your auto insurance liability coverage is $500,000 and your umbrella coverage begins at $300,000, you are paying for $200,000 of unnecessary coverage. You could reduce your auto coverage to $300,000 and save on your premiums.

This is generally a good idea. However, if your umbrella coverage doesn’t include an additional layer of underinsured (or uninsured) motorist coverage, you might want to keep the higher coverage on your auto policy.

Incorrect deductibles

Generally speaking, the higher the deductible, the lower your premiums will be. The deductible is the amount you are responsible for before the insurance company provides protection.

I see situations where the deductibles are far too low and one could easily save 20-40% on their premiums by simply increasing the deductible. If you are able to stay accident free, you’ll often save enough on the premiums over the next few years to be able to cover this increased deductible. This isn’t always the case, though. I had a client looking to increase their deductible from $1,000 to $2,000 and we were both shocked that the premium savings was less than $100 annually.

If you drive an older car, it doesn’t make sense to have a low deductible for collision or comprehensive coverage on a vehicle that is relatively inexpensive to replace. In fact, if your car is older, consider getting rid of collision and comprehensive coverage altogether. If you do this, it’s still important to carry the proper amount of liability protection.

Not combining policies with one company

If you have your auto policy and homeowners policy with the same carrier, you’ll tend to save on your premiums and have better coordinated coverage with your umbrella policy, if you have one.

Failing to review your coverage

It’s very easy to get your insurance in place and then forget about it for many years. There are a few problems with the set it and forget it approach as your lifestyle and potential risks may change over time. It’s always good to have a history with an insurance company. However, you should periodically review your coverage to make sure that it fits your needs today.

Solely focusing on the cost

Insurance is one area where focusing solely on the cost could get you in a lot of trouble and financial pain. I find that many of us don’t want to be educated on the need for various types of insurance coverage, and often view this education as a sales pitch. You may find the lowest absolute cost for any given coverage, but it might pale in comparison with what a competitor offers for just a few dollars more. The devil is in the details, and I suggest looking at the details of the coverage so that you know exactly what you are getting for your money. Also, rather than focusing solely on the cost, you should work with a professional who will take the time to evaluate your situation and help you understand your insurance needs.


Give your valentine the most thoughtful gift ever

Happy Valentine’s Day!

Instead of giving your sweetie another trinket they will forget about within a week, why not give them the most thoughtful and caring gift you can give your spouse: A conversation about your finances. I realize this is not the most romantic gift, but your spouse will thank you some day.

If you are like most married couples, you have divided up the household chores. This makes sense; it’s both efficient and keeps the peace. Unfortunately this often means that one member of the relationship takes over the banking, investment and retirement plan duties and the other pays little to no attention to that part of the household duties, as they have plenty on their plate as well. This may work out just fine for you as a couple, but what happens when one of you is not around anymore or incapacitated? As we all know, this can happen overnight with no warning, no matter what your ages.

I have worked with several clients who have lost their spouses to heart attacks, strokes and even accidents in the blink of an eye. The surviving spouse often times has no idea where all the investment and bank accounts are held, what the online passwords are or even how to log on to their home computer accounts.

They are in the midst of grieving and may have no idea how to free up cash for a funeral, where the copies of the wills are and who the current beneficiaries are on their retirement accounts.

Unfortunately this is not just limited to losing a spouse or partner. My brother and I went through this process following my father’s death. We had no idea if he had a will and if so, where it was kept. We found odd-looking keys at his home and wondered if they were for a safety deposit box or some other lock (we never did find out). It was a very challenging process both mentally and physically to grieve and try to sort out an estate with little to no information to go on. (To read more on this, please see my new eBook: The Transparent Legacy)

So this Valentine’s Day (or at least this month), be extra caring and give your loved one the gift of peace of mind and knowledge about your wishes, your finances and your passwords. But just to be sure you aren’t spending the month sleeping in the garage, you might want to also pick up those chocolates and that card.


The 529 Plan Series – Part III: The best 529 plan I know

Part I of this three-part series reviews 529 plan basics. Part II examines Washington State’s 529 prepaid tuition plan, the GET. This final section focuses on the best 529 savings plan I know, the West Virginia Smart529 Select.

Five years ago, my younger sister gave birth to her first child, a beautiful baby girl named Sydney. I was there at the hospital right after Sydney was born, and I instantly fell in love with her. When her 1st birthday came around, I decided the best gift I could give to her was the gift of education (or at least help with it). I set up a 529 account and began making monthly contributions for her benefit. My examination of 529 plans four years ago led me to the West Virginia Smart529 Select, and I believe it’s still one of the best 529 plans available today.

Why the West Virginia Smart529 Select?

I like the WV Smart529 Select plan for three main reasons:

  1. It offers access to a world-class family of funds, Dimensional Fund Advisors (DFA).
  2. The costs are low and very reasonable.
  3. Set-up, maintenance and contributions are simple and easy.

Dimensional Fund Advisors (DFA)

The WV Smart529 Select is the only 529 plan in the country where 100% of the investment options are DFA funds. Clients who work with Merriman may recognize these as the same funds we use in our investment portfolios. DFA funds are rooted in the science of investing, and we believe they offer superior exposure, diversification and returns when compared to most other mutual funds and Exchange-Traded Funds. Ordinarily, you can’t get access to DFA funds unless you are an institutional client or you work with a DFA-registered advisor. However, through the WV Smart529 Select, all investors have access to this great fund family for college savings purposes!

Costs

The WV Smart529 Select has no sales charges, application fees or set-up charges. There is a $25 annual maintenance fee, but that is waived if you enroll in their Automatic Investment Program and contribute $25 or more each month, if the account value is $25,000 or more, or if you’re a resident of West Virginia. The annual program expense ranges from 0.65% to 0.88% of the account balance each year, depending on the investment options chosen—very reasonable for this type of plan.

Set-up, maintenance and contributions

Setting up a WV Smart529 Select account was a breeze. I was able to establish and fund the account directly online, and also enrolled in the Automatic Investment Program which transfers money from my bank account into the 529 account each month. The minimum initial investment to open an account is very low, only $250.

The plan also makes investing simple by offering Age-Based Portfolios, which are managed by DFA and automatically shift in allocation every 3 years as the beneficiary grows older. For example, when the child is between 0-3 years of age, the portfolio will be invested in 100% stocks. When the child turns 19 or older, the portfolio will be 20% stocks, 80% bonds and cash. This provides for greater growth potential while the child is younger, but increases capital preservation potential as the child approaches college. The plan also offers Static Portfolios that don’t change with age, but for my money the Age-Based Portfolios are a simple and elegant solution.

Satisfaction

Four years into it, I’m still making monthly contributions into my niece’s WV Smart529 Select account. I intend to continue this until she finishes college, wherever she may go. She probably won’t realize all of the thought that went into selecting this plan for her; she may simply know that her uncle loves her and has planned ahead for her future. I, however, will know that I have used the best tool for the job, and that gives me tremendous satisfaction.


For inquiring minds: A white paper about umbrella insurance

We’ve written two posts on our blog in the last year about the importance of having umbrella insurance for those who have wealth:

Why lose what you’ve worked hard for?

Umbrella insurance – why it might be a good idea for you

If you want to understand this type of insurance and the risks it covers in much greater detail, please read the excellent white paper on this subject published by ACE Private Risk Services.
